str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')),
'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')),
'img' => preg_quote($config['dir']['img'], '/'),
'thumb' => preg_quote($config['dir']['thumb'], '/'),
'res' => preg_quote($config['dir']['res'], '/'),
'index' => preg_quote($config['file_index'], '/')
);
if(preg_match('/^\/?$/', $query)) {
// Dashboard
$fieldset = Array(
'Boards' => '',
'Noticeboard' => '',
'Administration' => '',
'Themes' => '',
'Search' => '',
'Update' => '',
'Logout' => ''
);
// Boards
$fieldset['Boards'] .= ulBoards();
if(hasPermission($config['mod']['noticeboard'])) {
$query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$fieldset['Noticeboard'] .= '
';
$_body = '';
while($notice = $query->fetch()) {
$_body .= ' ' .
($notice['subject'] ?
$notice['subject']
:
'no subject '
) .
' — by ' .
(isset($notice['username']) ?
utf8tohtml($notice['username'])
: '??? ') .
' at ' .
date($config['post_date'], $notice['time']) .
' ';
}
if(!empty($_body)) {
$fieldset['Noticeboard'] .= '';
}
$fieldset['Noticeboard'] .= 'View all entires ';
$query = prepare("SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1");
$query->bindValue(':id', $mod['id']);
$query->execute() or error(db_error($query));
$count = $query->fetch();
$count = $count['count'];
$fieldset['Noticeboard'] .= 'PM inbox' .
($count > 0
?
' (' . $count . ' unread) '
: '') .
' ';
$fieldset['Noticeboard'] .= 'News ';
}
if(hasPermission($config['mod']['reports'])) {
$fieldset['Administration'] .= 'Report queue ';
}
if(hasPermission($config['mod']['view_banlist'])) {
$fieldset['Administration'] .= 'Ban list ';
}
if(hasPermission($config['mod']['manageusers'])) {
$fieldset['Administration'] .= 'Manage users ';
}
if(hasPermission($config['mod']['modlog'])) {
$fieldset['Administration'] .= 'Moderation log ';
}
if(hasPermission($config['mod']['rebuild'])) {
$fieldset['Administration'] .= 'Rebuild static files ';
}
if(hasPermission($config['mod']['rebuild']) && $config['cache']['enabled']) {
$fieldset['Administration'] .= 'Clear cache ';
}
if(hasPermission($config['mod']['show_config'])) {
$fieldset['Administration'] .= 'Show configuration ';
}
if(hasPermission($config['mod']['themes'])) {
$fieldset['Themes'] .= 'Manage themes ';
}
if(hasPermission($config['mod']['search'])) {
$fieldset['Search'] .= '' .
'(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)
' .
' ';
}
if($mod['type'] >= ADMIN && $config['check_updates']) {
if(!$version = @file_get_contents('.installed'))
error('Could not find current version! (Check .installed)');
if(isset($_SESSION['update']) && time() - $_SESSION['update']['time'] < $config['check_updates_time']) {
$latest = unserialize($_SESSION['update']['latest']);
} else {
$ctx = stream_context_create(array(
'http' => array(
'timeout' => 3
)
)
);
if($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) {
eval($code);
if(preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $version, $m)) {
$current = Array(
'massive' => (int)$m[1],
'major' => (int)$m[2],
'minor' => (int)$m[3]
);
if(isset($m[4])) {
// Development versions are always ahead in the versioning numbers
$current['minor'] --;
}
}
// Check if it's newer
if( $latest['massive'] > $current['massive'] ||
$latest['major'] > $current['major'] ||
($latest['massive'] == $current['massive'] &&
$latest['major'] == $current['major'] &&
$latest['minor'] > $current['minor']
)) {
$latest = $latest;
} else $latest = false;
} else {
// Couldn't get latest version
// TODO: Display some sort of warning message
$latest = false;
}
$_SESSION['update'] = Array('time' => time(), 'latest' => serialize($latest));
}
if($latest) {
$fieldset['Update'] .=
'A newer version of Tinyboard (v' .
$latest['massive'] . '.' .
$latest['major'] . '.' .
$latest['minor'] .
' ) is available! See http://tinyboard.org/ for download instructions. ';
}
}
$fieldset['Logout'] .= 'Logout ';
// TODO: Statistics, etc, in the dashboard.
$body = '';
foreach($fieldset as $title => $data) {
if($data)
$body .= "{$title} ";
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Dashboard',
'body'=>$body,
'__mod'=>true
)
);
} elseif(preg_match('/^\/logout$/', $query)) {
destroyCookies();
header('Location: ?/', true, $config['redirect_http']);
} elseif(preg_match('/^\/confirm\/(.+)$/', $query, $matches)) {
$uri = &$matches[1];
$body = '' .
'Are you sure you want to do that? ' .
'You clicked ' .
'?/' . utf8tohtml($uri) . ' ' .
' but had Javascript disabled, so we weren\'t able to serve the confirmation dialog.' .
'
' .
'Confirm.
';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Confirm',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/log$/', $query)) {
if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']);
$boards = Array();
$_boards = listBoards();
foreach($_boards as &$_b) {
$boards[$_b['id']] = $_b['uri'];
}
$body = 'User IP address Ago Board Action ';
$query = prepare("SELECT `mods`.`id`,`username`,`ip`,`board`,`time`,`text` FROM `modlogs` INNER JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($log = $query->fetch()) {
$log['text'] = utf8tohtml($log['text']);
$log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '$1 ', $log['text']);
$body .= '' .
'' . $log['username'] . ' ' .
'' . $log['ip'] . ' ' .
'' . ago($log['time']) . ' ' .
'' .
($log['board'] ?
(isset($boards[$log['board']]) ?
'' . sprintf($config['board_abbreviation'], $boards[$log['board']]) . ' '
: 'deleted? ')
: '-') .
'' . $log['text'] . ' ' .
' ';
}
$body .= '
';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Moderation log',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/themes\/none$/', $query, $match)) {
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
// Clearsettings
query("TRUNCATE TABLE `theme_settings`") or error(db_error());
echo Element('page.html', Array(
'config'=>$config,
'title'=>'No theme',
'body'=>'Successfully uninstalled all themes.
' .
'Go back to themes .
',
'mod'=>true
)
);
} elseif(preg_match('/^\/themes\/(\w+)\/rebuild$/', $query, $match)) {
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
rebuildTheme($match[1], 'all');
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Rebuilt',
'body'=>'Successfully rebuilt the ' . $match[1] . ' theme.
' .
'Go back to themes .
',
'mod'=>true
)
);
} elseif(preg_match('/^\/themes\/(\w+)\/uninstall$/', $query, $match)) {
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
$query->bindValue(':theme', $match[1]);
$query->execute() or error(db_error($query));
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Uninstalled',
'body'=>'Successfully uninstalled the ' . $match[1] . ' theme.
' .
'Go back to themes .
',
'mod'=>true
)
);
} elseif(preg_match('/^\/themes(\/(\w+))?$/', $query, $match)) {
if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
if(!is_dir($config['dir']['themes']))
error('Themes directory doesn\'t exist!');
if(!$dir = opendir($config['dir']['themes']))
error('Cannot open themes directory; check permissions.');
if(isset($match[2])) {
$_theme = &$match[2];
if(!$theme = loadThemeConfig($_theme)) {
error($config['error']['invalidtheme']);
}
if(isset($_POST['install'])) {
// Check if everything is submitted
foreach($theme['config'] as &$c) {
if(!isset($_POST[$c['name']]) && $c['type'] != 'checkbox')
error(sprintf($config['error']['required'], $c['title']));
}
// Clear previous settings
$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
$query->bindValue(':theme', $_theme);
$query->execute() or error(db_error($query));
foreach($theme['config'] as &$c) {
$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)");
$query->bindValue(':theme', $_theme);
$query->bindValue(':name', $c['name']);
$query->bindValue(':value', $_POST[$c['name']]);
$query->execute() or error(db_error($query));
}
$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)");
$query->bindValue(':theme', $_theme);
$query->execute() or error(db_error($query));
$result = true;
$body = '';
if(isset($theme['install_callback'])) {
$ret = $theme['install_callback']($theme['config']);
if($ret && !empty($ret)) {
if(is_array($ret) && count($ret) == 2) {
$result = $ret[0];
$ret = $ret[1];
}
$body .= '' . $ret . '
';
}
}
if($result) {
$body .= 'Successfully installed and built theme.
';
} else {
// install failed
$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
$query->bindValue(':theme', $_theme);
$query->execute() or error(db_error($query));
}
$body .= 'Go back to themes .
';
// Build themes
rebuildThemes('all');
echo Element('page.html', Array(
'config'=>$config,
'title'=>($result ? 'Installed "' . utf8tohtml($theme['name']) . '"' : 'Installation failed!'),
'body'=>$body,
'mod'=>true
)
);
} else {
$body = '';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Installing "' . utf8tohtml($theme['name']) . '"',
'body'=>$body,
'mod'=>true
)
);
}
} else {
$themes_in_use = Array();
$query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error());
while($theme = $query->fetch()) {
$themes_in_use[$theme['theme']] = true;
}
// Scan directory for themes
$themes = Array();
while($file = readdir($dir)) {
if($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) {
$themes[] = $file;
}
}
closedir($dir);
$body = '';
if(empty($themes)) {
$body = '(No themes installed.)
';
} else {
$body .= '';
foreach($themes as &$_theme) {
$theme = loadThemeConfig($_theme);
markup($theme['description']);
$body .= '' .
'Name ' .
'' . utf8tohtml($theme['name']) . ' ' .
' ' .
'' .
'Version ' .
'' . utf8tohtml($theme['version']) . ' ' .
' ' .
'' .
'Description ' .
'' . $theme['description'] . ' ' .
' ' .
'' .
'Thumbnail ' .
' ' .
' ' .
'' .
'Actions ' .
' ' .
' ' .
' ';
}
$body .= '
';
}
if(!empty($themes_in_use))
$body .= 'Uninstall all themes.
';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Select theme',
'body'=>$body,
'mod'=>true
)
);
}
} elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) {
if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id");
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
header('Location: ?/noticeboard', true, $config['redirect_http']);
} elseif(preg_match('/^\/noticeboard$/', $query)) {
if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']);
$body = '';
if(hasPermission($config['mod']['noticeboard_post']) && isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
$query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindvalue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':subject', utf8tohtml($_POST['subject']));
markup($_POST['body']);
$query->bindValue(':body', $_POST['body']);
$query->execute() or error(db_error($query));
header('Location: ?/noticeboard', true, $config['redirect_http']);
} else {
if(hasPermission($config['mod']['noticeboard_post'])) {
$body .= 'New post ';
}
$query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($notice = $query->fetch()) {
$body .= '' .
(hasPermission($config['mod']['noticeboard_delete']) ?
'
[delete] '
: '') .
'
' .
($notice['subject'] ?
$notice['subject']
:
'no subject '
) .
' — by ' .
(isset($notice['username']) ?
utf8tohtml($notice['username'])
:
'??? '
) .
' at ' .
date($config['post_date'], $notice['time']) .
' ' . $notice['body'] . '
';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Noticeboard',
'body'=>$body,
'mod'=>true
)
);
}
} elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) {
if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `news` WHERE `id` = :id");
$query->bindValue(':id', $match[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
rebuildThemes('news');
header('Location: ?/news', true, $config['redirect_http']);
} elseif(preg_match('/^\/news$/', $query)) {
$body = '';
if(hasPermission($config['mod']['news'])) {
if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
$query = prepare("INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)");
if(isset($_POST['name']) && hasPermission($config['mod']['news_custom']))
$name = &$_POST['name'];
else
$name = &$mod['username'];
$query->bindValue(':name', utf8tohtml($name), PDO::PARAM_INT);
$query->bindvalue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':subject', utf8tohtml($_POST['subject']));
markup($_POST['body']);
$query->bindValue(':body', $_POST['body']);
$query->execute() or error(db_error($query));
rebuildThemes('news');
}
$body .= 'New post ' .
' ';
}
$query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($news = $query->fetch()) {
$body .= '' .
(hasPermission($config['mod']['news_delete']) ?
'
[delete] '
: '') .
'
' .
($news['subject'] ?
$news['subject']
:
'no subject '
) .
' — by ' .
$news['name'] .
' at ' .
date($config['post_date'], $news['time']) .
' ' . $news['body'] . '
';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'News',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/inbox$/', $query, $match)) {
$query = prepare("SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() == 0) {
$body = '(No private messages for you.)
';
} else {
$unread_pms = 0;
$body = '';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'PM Inbox (' . ($query->rowCount() == 0 ? 'empty' : $unread_pms . ' unread') . ')',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
$id = &$match[1];
if(hasPermission($config['mod']['master_pm'])) {
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id");
} else {
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
}
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$pm = $query->fetch()) {
// Mod doesn't exist
error($config['error']['404']);
}
if(isset($_POST['delete'])) {
$query = prepare("DELETE FROM `pms` WHERE `id` = :id");
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Deleted a PM');
header('Location: ?/inbox', true, $config['redirect_http']);
} else {
if($pm['unread']) {
$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id");
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Read a PM');
}
if($pm['to'] != $mod['id']) {
$query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $pm['to'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($_mod = $query->fetch()) {
$__to = &$_mod['username'];
} else {
$__to = false;
}
}
$body = '' .
'
' .
' ' .
'Reply with quote
';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Private message',
'body'=>$body,
'mod'=>true
)
);
}
} elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) {
if(!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']);
$to = &$match[1];
$query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $to, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$to = $query->fetch()) {
// Mod doesn't exist
error($config['error']['404']);
}
if(isset($_POST['message'])) {
// Post message
$message = &$_POST['message'];
if(empty($message))
error($config['error']['tooshort_body']);
markup($message);
$query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)");
$query->bindValue(':sender', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':to', $to['id'], PDO::PARAM_INT);
$query->bindValue(':message', $message);
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Sent a PM to ' . $to['username']);
echo Element('page.html', Array(
'config'=>$config,
'title'=>'PM sent',
'body'=>'Message sent successfully to ' . utf8tohtml($to['username']) . '.
',
'mod'=>true
)
);
} else {
$value = '';
if(isset($match[3])) {
$reply = &$match[3];
$query = prepare("SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id");
$query->bindValue(':sender', $to['id'], PDO::PARAM_INT);
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':id', $reply, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($pm = $query->fetch()) {
$value = quote($pm['message']);
}
}
$body = '' .
'' .
'
' .
' ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'New PM for ' . utf8tohtml($to['username']),
'body'=>$body,
'mod'=>true
)
);
}
} elseif(preg_match('/^\/search$/', $query)) {
if(!hasPermission($config['mod']['search'])) error($config['error']['noaccess']);
$body = '';
if(isset($_POST['search']) && !empty($_POST['search'])) {
$phrase = &$_POST['search'];
$_body = '';
// Escape escape character
$phrase = str_replace('!', '!!', $phrase);
// Remove SQL wildcard
$phrase = str_replace('%', '!%', $phrase);
// Use asterisk as wildcard to suit convention
$phrase = str_replace('*', '%', $phrase);
$like = '';
$match = Array();
// Find exact phrases
if(preg_match_all('/"(.+?)"/', $phrase, $m)) {
foreach($m[1] as &$quote) {
$phrase = str_replace("\"{$quote}\"", '', $phrase);
$match[] = $pdo->quote($quote);
}
}
$words = explode(' ', $phrase);
foreach($words as &$word) {
if(empty($word))
continue;
$match[] = $pdo->quote($word);
}
// a
$like = '';
foreach($match as &$phrase) {
if(!empty($like))
$like .= ' AND ';
$phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase);
$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'';
}
$like = str_replace('%', '%%', $like);
$boards = listBoards();
foreach($boards as &$_b) {
openBoard($_b['uri']);
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri']));
$query->bindValue(':limit', $config['mod']['search_results'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$temp = '';
while($post = $query->fetch()) {
if(!$post['thread']) {
$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['embed'], '?/', $mod, false);
} else {
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
}
$temp .= $po->build(true) . ' ';
}
if(!empty($temp))
$_body .= '' . $query->rowCount() . ' result' . ($query->rowCount() != 1 ? 's' : '') . ' on ' .
sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] .
' ' . $temp . ' ';
}
$body .= ' ';
if(!empty($_body))
$body .= $_body;
else
$body .= '(No results.)
';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Search',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/users$/', $query)) {
if(!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']);
$body = 'ID Username Type Boards Last action … ';
$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
while($_mod = $query->fetch()) {
$type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin');
$body .= '' .
'' .
$_mod['id'] .
' ' .
'' .
utf8tohtml($_mod['username']) .
' ' .
'' .
$type .
' ' .
'' .
str_replace(',', ', ', $_mod['boards']) .
' ' .
'' .
($_mod['last'] ?
'' . ago($_mod['last']) . ' '
: 'never ') .
' ' .
'' .
(hasPermission($config['mod']['promoteusers']) ?
($_mod['type'] != ADMIN ?
'▲ '
:'') .
($_mod['type'] != JANITOR ?
'▼ '
:'')
: ''
) .
(hasPermission($config['mod']['editusers']) ||
(hasPermission($config['mod']['change_password']) && $_mod['id'] == $mod['id'])?
'[edit] '
: '' ) .
(hasPermission($config['mod']['create_pm']) ?
'[PM] '
: '' ) .
' ';
}
$body .= '
';
if(hasPermission($config['mod']['createusers'])) {
$body .= 'Create new user
';
}
$body .= ' ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Manage users',
'body'=>$body
,'mod'=>true
)
);
} elseif(preg_match('/^\/users\/new$/', $query)) {
if(!hasPermission($config['mod']['createusers'])) error($config['error']['noaccess']);
if(isset($_POST['username']) && isset($_POST['password'])) {
if(!isset($_POST['type'])) {
error(sprintf($config['error']['required'], 'type'));
}
if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) {
error(sprintf($config['error']['invalidfield'], 'type'));
}
// Check if already exists
$query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username");
$query->bindValue(':username', $_POST['username']);
$query->execute() or error(db_error($query));
if($_mod = $query->fetch()) {
error(sprintf($config['error']['modexists'], $_mod['id']));
}
$boards = Array();
foreach($_POST as $name => $null) {
if(preg_match('/^board_(.+)$/', $name, $m))
$boards[] = $m[1];
}
$boards = implode(',', $boards);
$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards)");
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':password', sha1($_POST['password']));
$query->bindValue(':type', $_POST['type'], PDO::PARAM_INT);
$query->bindValue(':boards', $boards);
$query->execute() or error(db_error($query));
modLog('Create a new user: "' . $_POST['username'] . '"');
header('Location: ?/users', true, $config['redirect_http']);
} else {
$__boards = '';
$boards = array_merge(
Array(Array('uri' => '*', 'title' => 'All')
), listBoards());
foreach($boards as &$_board) {
$__boards .= '' .
' ' .
' ' .
($_board['uri'] == '*' ?
'"*" '
:
sprintf($config['board_abbreviation'], $_board['uri'])
) .
' - ' . $_board['title'] .
' ' .
' ';
}
$body = 'New user ' .
// Begin form
'' .
'' .
' ' .
// End form
' ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'New user',
'body'=>$body
,'mod'=>true
)
);
}
} elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) {
$modID = &$matches[1];
if(isset($matches[2])) {
if($matches[3] == 'delete') {
if(!hasPermission($config['mod']['deleteusers'])) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Deleted user #' . $modID);
} else {
// Promote/demote
if(!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']);
if($matches[3] == 'promote') {
$query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id");
$query->bindValue(':admin', ADMIN, PDO::PARAM_INT);
} else {
$query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id");
$query->bindValue(':janitor', JANITOR, PDO::PARAM_INT);
}
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
}
header('Location: ?/users', true, $config['redirect_http']);
} else {
// Edit user
if(!hasPermission($config['mod']['editusers']) && !hasPermission($config['mod']['change_password'])) error($config['error']['noaccess']);
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$_mod = $query->fetch()) {
error($config['error']['404']);
}
if(!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $mod['id'] == $_mod['id'] && $change_password_only = true))
error($config['error']['noaccess']);
if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) {
if(!isset($change_password_only)) {
$boards = Array();
foreach($_POST as $name => $null) {
if(preg_match('/^board_(.+)$/', $name, $m))
$boards[] = $m[1];
}
$boards = implode(',', $boards);
$query = prepare("UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id");
$query->bindValue(':username', $_POST['username'], PDO::PARAM_STR);
$query->bindValue(':boards', $boards, PDO::PARAM_STR);
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Edited login details for user "' . $_mod['username'] . '"');
} else {
modLog('Changed own password');
}
if(!empty($_POST['password'])) {
$query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
$query->bindValue(':password', sha1($_POST['password']));
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
}
// Refresh
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$_mod = $query->fetch()) {
error($config['error']['404']);
}
if($_mod['id'] == $mod['id']) {
// Changed own password. Update cookies
setCookies();
}
}
$__boards = '';
$body = 'Edit user ' .
// Begin form
'' .
'' .
' ' .
// End form
' ' .
// Delete button
(hasPermission($config['mod']['deleteusers']) ?
'Delete user
'
:'') .
' ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Edit user',
'body'=>$body
,'mod'=>true
)
);
}
} elseif(preg_match('/^\/reports$/', $query)) {
if(!hasPermission($config['mod']['reports'])) error($config['error']['noaccess']);
$body = '';
$reports = 0;
$query = prepare("SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit");
$query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($report = $query->fetch()) {
$p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['uri']));
$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
$p_query->execute() or error(db_error($query));
if(!$post = $p_query->fetch()) {
// Invalid report (post has since been deleted)
$p_query = prepare("DELETE FROM `reports` WHERE `post` = :id");
$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
$p_query->execute() or error(db_error($query));
continue;
}
$reports++;
openBoard($report['uri']);
if(!$post['thread']) {
$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['embed'], '?/', $mod, false);
} else {
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
}
$append_html =
'';
// Bug fix for https://github.com/savetheinternet/Tinyboard/issues/21
$po->body = truncate($po->body, $po->link(), $config['body_truncate'] - substr_count($append_html, ' '));
if(strlen($po->body) + strlen($append_html) > $config['body_truncate_char']) {
// still too long. temporarily increase limit in the config
$__old_body_truncate_char = $config['body_truncate_char'];
$config['body_truncate_char'] = strlen($po->body) + strlen($append_html);
}
$po->body .= $append_html;
$body .= $po->build(true) . ' ';
if(isset($__old_body_truncate_char))
$config['body_truncate_char'] = $__old_body_truncate_char;
}
$query = query("SELECT COUNT(`id`) AS `count` FROM `reports`") or error(db_error());
$count = $query->fetch();
$body .= 'Showing ' .
($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.
';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Report queue (' . $count['count'] . ')',
'body'=>$body,
'mod'=>true
));
} elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) {
if(isset($matches[2]) && $matches[2] == '/all') {
if(!hasPermission($config['mod']['report_dismiss_ip'])) error($config['error']['noaccess']);
$query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id");
$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($report = $query->fetch()) {
$query = prepare("DELETE FROM `reports` WHERE `ip` = :ip");
$query->bindValue(':ip', $report['ip'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
modLog('Dismissed all reports by ' . $report['ip']);
}
} else {
if(!hasPermission($config['mod']['report_dismiss'])) error($config['error']['noaccess']);
$query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id");
$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($report = $query->fetch()) {
modLog('Dismissed a report for post #' . $report['post'], $report['board']);
$query = prepare("DELETE FROM `reports` WHERE `post` = :post");
$query->bindValue(':post', $report['post'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
}
}
// Redirect
header('Location: ?/reports', true, $config['redirect_http']);
} elseif(preg_match('/^\/board\/(\w+)(\/delete)?$/', $query, $matches)) {
if(!hasPermission($config['mod']['manageboards'])) error($config['error']['noaccess']);
if(!openBoard($matches[1]))
error($config['error']['noboard']);
if(isset($matches[2]) && $matches[2] == '/delete') {
if(!hasPermission($config['mod']['deleteboard'])) error($config['error']['noaccess']);
// Delete board
modLog('Deleted board ' . sprintf($config['board_abbreviation'], $board['uri']));
// Delete entire board directory
rrmdir($board['uri'] . '/');
// Delete posting table
$query = query(sprintf("DROP TABLE IF EXISTS `posts_%s`", $board['uri'])) or error(db_error());
// Clear reports
$query = prepare("DELETE FROM `reports` WHERE `board` = :id");
$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
// Delete from table
$query = prepare("DELETE FROM `boards` WHERE `id` = :id");
$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($config['cache']['enabled']) {
cache::delete('board_' . $board['uri']);
cache::delete('all_boards');
}
rebuildThemes('boards');
header('Location: ?/', true, $config['redirect_http']);
} else {
if(isset($_POST['title']) && isset($_POST['subtitle'])) {
$query = prepare("UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id");
$query->bindValue(':title', utf8tohtml($_POST['title'], true));
if(!empty($_POST['subtitle']))
$query->bindValue(':subtitle', utf8tohtml($_POST['subtitle'], true));
else
$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($config['cache']['enabled']) {
cache::delete('board_' . $board['uri']);
cache::delete('all_boards');
}
rebuildThemes('boards');
openBoard($board['uri']);
}
$body =
'' .
sprintf($config['board_abbreviation'], $board['uri']) . ' ' .
' - ' . $board['name'] . ' ' .
// Begin form
'' .
'' .
' ' .
// End form
' ' .
// Delete button
(hasPermission($config['mod']['deleteboard']) ?
'Delete board
'
:'') .
' ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Manage – ' . sprintf($config['board_abbreviation'], $board['uri']),
'body'=>$body,
'mod'=>true
));
}
} elseif(preg_match('/^\/bans$/', $query)) {
if(!hasPermission($config['mod']['view_banlist'])) error($config['error']['noaccess']);
if(isset($_POST['unban'])) {
if(!hasPermission($config['mod']['unban'])) error($config['error']['noaccess']);
foreach($_POST as $post => $value) {
if(preg_match('/^ban_(\d+)$/', $post, $m)) {
removeBan($m[1]);
}
}
}
if(hasPermission($config['mod']['view_banexpired'])) {
$query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC");
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->execute() or error(db_error($query));
} else {
// Filter out expired bans
$query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC");
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->execute() or error(db_error($query));
}
if($query->rowCount() < 1) {
$body = '(There are no active bans.)
';
} else {
$body = ' ';
$body .= '' .
(hasPermission($config['mod']['unban']) ?
'
'
: '') .
' ';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Ban list',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/flush$/', $query)) {
if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']);
if(!$config['cache']['enabled']) error('Cache is not enabled.');
if(cache::flush()) {
$body = 'Successfully invalidated all items in the cache.';
modLog('Cleared cache');
} else {
$body = 'An error occured while trying to flush cache.';
}
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Flushed',
'body'=>'' . $body . '
',
'mod'=>true
));
} elseif(preg_match('/^\/rebuild$/', $query)) {
if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']);
set_time_limit($config['mod']['rebuild_timelimit']);
$body = 'Rebuilding… ';
$body .= 'Clearing template cache… ';
$twig = new Twig_Environment($loader, Array(
'cache' => "{$config['dir']['template']}/cache"
));
$twig->clearCacheFiles();
$body .= 'Regenerating theme files… ';
rebuildThemes('all');
$body .= 'Generating Javascript file… ';
buildJavascript();
$boards = listBoards();
foreach($boards as &$board) {
$body .= "Opening board /{$board['uri']}/ ";
openBoard($board['uri']);
$body .= 'Creating index pages ';
buildIndex();
$query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
while($post = $query->fetch()) {
$body .= "Rebuilding #{$post['id']} ";
buildThread($post['id']);
}
}
$body .= 'Complete!
';
unset($board);
modLog('Rebuilt everything');
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Rebuilt',
'body'=>$body,
'mod'=>true
));
} elseif(preg_match('/^\/config$/', $query)) {
if(!hasPermission($config['mod']['show_config'])) error($config['error']['noaccess']);
// Show instance-config.php
$data = '';
function do_array_part($array, $prefix = '') {
global $data, $config;
foreach($array as $name => $value) {
if(is_array($value)) {
do_array_part($value, $prefix . $name . ' → ');
} else {
if($config['mod']['never_reveal_password'] && $prefix == 'db → ' && $name == 'password') {
$value = 'hidden ';
} elseif(gettype($value) == 'boolean') {
$value = $value ? 'On ' : 'Off ';
} elseif(gettype($value) == 'string') {
if(empty($value))
$value = 'empty ';
else
$value = '' . utf8tohtml(substr($value, 0, 110) . (strlen($value) > 110 ? '…' : '')) . ' ';
} elseif(gettype($value) == 'integer') {
$value = '' . $value . ' ';
}
$data .=
'' .
$prefix . (gettype($name) == 'integer' ? '[]' : $name) .
' ' .
$value .
' ';
}
}
}
do_array_part($config);
$body = 'Configuration ';
echo Element('page.html', Array(
'config'=>$config,
'title'=>'Configuration',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/new$/', $query)) {
if(!hasPermission($config['mod']['newboard'])) error($config['error']['noaccess']);
// New board
$body = '';
if(isset($_POST['new_board'])) {
// Create new board
if( !isset($_POST['uri']) ||
!isset($_POST['title']) ||
!isset($_POST['subtitle'])
) error($config['error']['missedafield']);
$b = Array(
'uri' => $_POST['uri'],
'title' => $_POST['title'],
'subtitle' => $_POST['subtitle']
);
// HTML characters
$b['title'] = utf8tohtml($b['title'], true);
$b['subtitle'] = utf8tohtml($b['subtitle'], true);
// Check required fields
if(empty($b['uri']))
error(sprintf($config['error']['required'], 'URI'));
if(empty($b['title']))
error(sprintf($config['error']['required'], 'title'));
// Check string lengths
if(strlen($b['uri']) > 8)
error(sprintf($config['error']['toolong'], 'URI'));
if(strlen($b['title']) > 20)
error(sprintf($config['error']['toolong'], 'title'));
if(strlen($b['subtitle']) > 40)
error(sprintf($config['error']['toolong'], 'subtitle'));
if(!preg_match('/^\w+$/', $b['uri']))
error(sprintf($config['error']['invalidfield'], 'URI'));
if(openBoard($b['uri'])) {
unset($board);
error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri'])));
}
$query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)");
$query->bindValue(':uri', $b['uri']);
$query->bindValue(':title', $b['title']);
if(!empty($b['subtitle'])) {
$query->bindValue(':subtitle', $b['subtitle']);
} else {
$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
}
$query->execute() or error(db_error($query));
// Record the action
modLog("Created a new board: {$b['title']}");
// Open the board
openBoard($b['uri']) or error("Couldn't open board after creation.");
// Create the posts table
query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error());
// Build the board
buildIndex();
rebuildThemes('boards');
header('Location: ?/board/' . $board['uri'], true, $config['redirect_http']);
} else {
$body .= form_newBoard();
// TODO: Statistics, etc, in the dashboard.
echo Element('page.html', Array(
'config'=>$config,
'title'=>'New board',
'body'=>$body,
'mod'=>true
)
);
}
} elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) {
// Board index
$boardName = &$matches[1];
// Open board
if(!openBoard($boardName))
error($config['error']['noboard']);
$page_no = empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2];
if(!$page = index($page_no, $mod)) {
error($config['error']['404']);
}
$page['pages'] = getPages(true);
$page['pages'][$page_no-1]['selected'] = true;
$page['btn'] = getPageButtons($page['pages'], true);
$page['hidden_inputs'] = createHiddenInputs();
$page['mod'] = true;
echo Element('index.html', $page);
} elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) {
// View thread
$boardName = &$matches[1];
$thread = &$matches[2];
// Open board
if(!openBoard($boardName))
error($config['error']['noboard']);
$page = buildThread($thread, true, $mod);
echo $page;
} elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) {
if(!hasPermission($config['mod']['deletefile'])) error($config['error']['noaccess']);
// Delete file from post
$boardName = &$matches[1];
$post = &$matches[2];
// Open board
if(!openBoard($boardName))
error($config['error']['noboard']);
// Delete post
deleteFile($post);
// Record the action
modLog("Removed file from post #{$post}");
// Rebuild board
buildIndex();
// Redirect
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) {
if(!hasPermission($config['mod']['delete'])) error($config['error']['noaccess']);
// Delete post
$boardName = &$matches[1];
$post = &$matches[2];
// Open board
if(!openBoard($boardName))
error($config['error']['noboard']);
// Delete post
deletePost($post);
// Record the action
modLog("Deleted post #{$post}");
// Rebuild board
buildIndex();
// Redirect
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) {
if(!hasPermission($config['mod']['sticky'])) error($config['error']['noaccess']);
// Add/remove sticky
$boardName = &$matches[1];
$post = &$matches[3];
// Open board
if(!openBoard($boardName))
error($config['error']['noboard']);
$query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
if($matches[2] == 'un') {
// Record the action
modLog("Unstickied post #{$post}");
$query->bindValue(':sticky', 0, PDO::PARAM_INT);
} else {
// Record the action
modLog("Stickied post #{$post}");
$query->bindValue(':sticky', 1, PDO::PARAM_INT);
}
$query->execute() or error(db_error($query));
buildIndex();
buildThread($post);
// Redirect
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) {
// Lock/Unlock
$boardName = &$matches[1];
if(!hasPermission($config['mod']['lock'], $boardName)) error($config['error']['noaccess']);
$post = &$matches[3];
// Open board
if(!openBoard($boardName))
error($config['error']['noboard']);
$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
if($matches[2] == 'un') {
// Record the action
modLog("Unlocked post #{$post}");
$query->bindValue(':locked', 0, PDO::PARAM_INT);
} else {
// Record the action
modLog("Locked post #{$post}");
$query->bindValue(':locked', 1, PDO::PARAM_INT);
}
$query->execute() or error(db_error($query));
buildIndex();
buildThread($post);
// Redirect
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) {
// Delete all posts by an IP
$boardName = &$matches[1];
$post = &$matches[2];
// Open board
if(!openBoard($boardName))
error($config['error']['noboard']);
$query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $post);
$query->execute() or error(db_error($query));
if(!$post = $query->fetch())
error($config['error']['invalidpost']);
$ip = $post['ip'];
// Record the action
modLog("Deleted all posts by IP address: {$ip}");
$query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri']));
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
if($query->rowCount() < 1)
error($config['error']['invalidpost']);
while($post = $query->fetch()) {
deletePost($post['id'], false);
}
buildIndex();
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
} elseif(preg_match('/^\/ban$/', $query)) {
if(!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']);
// Ban page
if(isset($_POST['new_ban'])) {
if( !isset($_POST['ip']) ||
!isset($_POST['reason']) ||
!isset($_POST['length']) ||
!isset($_POST['board_id'])
) error($config['error']['missedafield']);
// Check required fields
if(empty($_POST['ip']))
error(sprintf($config['error']['required'], 'IP address'));
$query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)");
// 1yr2hrs30mins
// 1y2h30m
$expire = 0;
if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) {
if(isset($m[2])) {
// Years
$expire += $m[2]*60*60*24*365;
}
if(isset($m[4])) {
// Months
$expire += $m[4]*60*60*24*30;
}
if(isset($m[6])) {
// Weeks
$expire += $m[6]*60*60*24*7;
}
if(isset($m[8])) {
// Days
$expire += $m[8]*60*60*24;
}
if(isset($m[10])) {
// Hours
$expire += $m[10]*60*60;
}
if(isset($m[12])) {
// Minutes
$expire += $m[12]*60;
}
if(isset($m[14])) {
// Seconds
$expire += $m[14];
}
}
if($expire) {
$query->bindValue(':expires', time()+$expire, PDO::PARAM_INT);
} else {
// Never expire
$query->bindValue(':expires', null, PDO::PARAM_NULL);
}
$query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR);
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':set', time(), PDO::PARAM_INT);
if(!empty($_POST['reason'])) {
$reason = $_POST['reason'];
markup($reason);
$query->bindValue(':reason', $reason, PDO::PARAM_STR);
} else {
$query->bindValue(':reason', null, PDO::PARAM_NULL);
}
if($_POST['board_id'] < 0) {
$query->bindValue(':board', null, PDO::PARAM_NULL);
} else {
$query->bindValue(':board', (int)$_POST['board_id'], PDO::PARAM_INT);
}
// Record the action
modLog('Created a ' . ($expire ? $expire . ' second' : 'permanent') . " ban for {$_POST['ip']} with " . (!empty($_POST['reason']) ? "reason \"${reason}\"" : 'no reason'));
$query->execute() or error(db_error($query));
// Delete too
if(isset($_POST['delete']) && isset($_POST['board']) && hasPermission($config['mod']['delete'], $_POST['board'])) {
openBoard($_POST['board']);
$post = round($_POST['delete']);
deletePost($post);
// Record the action
modLog("Deleted post #{$post}");
// Rebuild board
buildIndex();
}
if(hasPermission($config['mod']['public_ban']) && isset($_POST['post']) && isset($_POST['board']) && isset($_POST['public_message']) && isset($_POST['message'])) {
openBoard($_POST['board']);
$post = round($_POST['post']);
$query = prepare(sprintf("UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message'])));
$query->execute() or error(db_error($query));
// Rebuild thread
$query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$thread = $query->fetch();
if($thread['thread'])
buildThread($thread['thread']);
else
buildThread($post);
// Rebuild board
buildIndex();
// Record the action
modLog("Attached a public ban message for post #{$post}: " . $_POST['message']);
}
// Redirect
if(isset($_POST['continue']))
header('Location: ' . $_POST['continue'], true, $config['redirect_http']);
elseif(isset($board))
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
else
header('Location: ?/', true, $config['redirect_http']);
}
} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) {
// Ban by post
$boardName = &$matches[1];
if(!hasPermission($config['mod']['ban'], $boardName)) error($config['error']['noaccess']);
$delete = isset($matches[2]) && $matches[2] == '&delete';
if($delete && !hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']);
$post = $matches[3];
// Open board
if(!openBoard($boardName))
error($config['error']['noboard']);
$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($query->rowCount() < 1) {
error($config['error']['invalidpost']);
}
$post = $query->fetch();
$body = form_newBan($post['ip'], null, '?/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'], $post['id'], $boardName, !$delete);
echo Element('page.html', Array(
'config'=>$config,
'title'=>'New ban',
'body'=>$body,
'mod'=>true
)
);
} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')\/deletenote\/(?P\d+)$/', $query, $matches)) {
if(!hasPermission($config['mod']['remove_notes'])) error($config['error']['noaccess']);
$ip = $matches[1];
$id = $matches['id'];
$query = prepare("DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id");
$query->bindValue(':ip', $ip);
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $query, $matches)) {
// View information on an IP address
$ip = $matches[1];
$host = $config['mod']['dns_lookup'] ? gethostbyaddr($ip) : false;
if(hasPermission($config['mod']['unban']) && isset($_POST['unban']) && isset($_POST['ban_id'])) {
removeBan($_POST['ban_id']);
header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
} elseif(hasPermission($config['mod']['create_notes']) && isset($_POST['note'])) {
$query = prepare("INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body)");
$query->bindValue(':ip', $ip);
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->bindValue(':time', time(), PDO::PARAM_INT);
markup($_POST['note']);
$query->bindValue(':body', $_POST['note']);
$query->execute() or error(db_error($query));
header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
} else {
$body = '';
$boards = listBoards();
foreach($boards as &$_board) {
openBoard($_board['uri']);
$temp = '';
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
$query->bindValue(':ip', $ip);
$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
while($post = $query->fetch()) {
if(!$post['thread']) {
$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['embed'], '?/', $mod, false);
} else {
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
}
$temp .= $po->build(true) . ' ';
}
if(!empty($temp))
$body .= 'Last ' . $query->rowCount() . ' posts on ' .
sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] .
' ' . $temp . ' ';
}
if(hasPermission($config['mod']['view_notes'])) {
$query = prepare("SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC");
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
if($query->rowCount() > 0 || hasPermission($config['mod']['create_notes'])) {
$body .= '' .
$query->rowCount() . ' note' . ($query->rowCount() == 1 ?'' : 's') . ' on record' .
' ';
if($query->rowCount() > 0) {
$body .= '' .
'Staff Note Date ' .
(hasPermission($config['mod']['remove_notes']) ? 'Actions ' : '') .
'';
while($note = $query->fetch()) {
if($note['mod']) {
$_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$_query->bindValue(':id', $note['mod']);
$_query->execute() or error(db_error($_query));
if($_mod = $_query->fetch()) {
if(hasPermission($config['mod']['editusers']))
$staff = '' . utf8tohtml($_mod['username']) . ' ';
else
$staff = utf8tohtml($_mod['username']);
} else {
$staff = '??? ';
}
} else {
$staff = 'system ';
}
$body .= '' .
'' .
$staff .
' ' .
$note['body'] .
' ' .
date($config['post_date'], $note['time']) .
' ' .
(hasPermission($config['mod']['remove_notes']) ?
'[delete] '
: '') .
' ';
}
$body .= '
';
}
if(hasPermission($config['mod']['create_notes'])) {
$body .= '' .
'' .
' ';
}
$body .= ' ';
}
}
if(hasPermission($config['mod']['view_ban'])) {
$query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
if($query->rowCount() > 0) {
$body .= 'Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record ';
while($ban = $query->fetch()) {
$body .= '' .
'Status ' .
($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
'Expired'
: 'Active') .
' ' .
// IP
'IP ' . $ban['ip'] . ' ' .
// Reason
'Reason ' . $ban['reason'] . ' ' .
// Board
'Board ' .
(isset($ban['board']) ?
(isset($ban['uri']) ?
sprintf($config['board_abbreviation'], $ban['uri'])
:
'deleted? '
)
:
'all boards '
) .
' ' .
// Set
'Set ' . date($config['post_date'], $ban['set']) . ' ' .
// Expires
'Expires ' .
($ban['expires'] == 0 ?
'Never '
:
date($config['post_date'], $ban['expires'])
) .
' ' .
// Staff
'Staff ' .
(isset($ban['username']) ?
(!hasPermission($config['mod']['view_banstaff']) ?
($config['mod']['view_banquestionmark'] ?
'?'
:
($ban['type'] == JANITOR ? 'Janitor' :
($ban['type'] == MOD ? 'Mod' :
($ban['type'] == ADMIN ? 'Admin' :
'?')))
)
:
utf8tohtml($ban['username'])
)
: 'deleted? '
) .
'
' .
' ' .
' ';
}
$body .= ' ';
}
}
if(hasPermission($config['mod']['ip_banform']))
$body .= form_newBan($ip, null, '?/IP/' . $ip);
echo Element('page.html', Array(
'config'=>$config,
'title'=>'IP: ' . $ip,
'subtitle' => $host,
'body'=>$body,
'mod'=>true
)
);
}
} else {
error($config['error']['404']);
}
}
?>